1993-03-11 - CRYPT: Dingaling Denning & random # generators

Header Data

From: ld231782@longs.lance.colostate.edu
To: cypherpunks@toad.com
Message Hash: 0bad0bdfb16e628fb001c2ca3aac5898989e4e5f72d6c76e839d74be19f9b942
Message ID: <9303110005.AA03709@longs.lance.colostate.edu>
Reply To: <9303102302.AA23528@cuba.Cayman.COM>
UTC Datetime: 1993-03-11 00:06:35 UTC
Raw Date: Wed, 10 Mar 93 16:06:35 PST

Raw message

From: ld231782@longs.lance.colostate.edu
Date: Wed, 10 Mar 93 16:06:35 PST
To: cypherpunks@toad.com
Subject: CRYPT: Dingaling Denning & random # generators
In-Reply-To: <9303102302.AA23528@cuba.Cayman.COM>
Message-ID: <9303110005.AA03709@longs.lance.colostate.edu>
MIME-Version: 1.0
Content-Type: text/plain



I don't think we need to be too concerned about D. Denning's proposals
(the D. stands for Dingaling, in case you're wondering). Has she
addressed `adequately' the issue of giving false keys to the archiving
authority in her article? (If such a thing is even possible.) The whole
idea sounds so unbelievably unrealistic and bizarre I can't believe
anyone with a significant intelligence or reputation on the line would
propose it (but then again, academics can make a living on outdoing
each other in their unrealistic and bizarre proposals).

I don't really see how this idea of wiretappable encrypted
communications could be carried out, unless there are some kind of
centralized encryption servers run by the government (I'm ashamed to
even say such a thing), and make "private" encryption illegal.  This
smacks of such blatant totalitarianism I can't imagine anyone in the
U.S. seriously considering it (except, of course, perhaps law
enforcement types or NSA operatives).  Considering how much copiers
were regulated in the Soviet Union, I can't say that it'd be impossible
to regulate every single of the 100's of millions of PC's in the world
or in a country to pull this off, but there's no end to the strange
effects brewed from isolated, idealistic bureacrats (and no limit to
the severity of threats to freedom...)

As I posted once to sci.crypt: encrypted communication is virtually
interchangeable with and indistinguishable from communication itself.
How does someone `know' that you are encrypting a message? Even
straight ASCII messages can contain encrypted messages. (In fact, it
would be interesting to write an application that will take any message
and encode it like this.)  Can you imagine the Meaning Police showing
up on your doorstep demanding to know what your last message REALLY
MEANS, and smirking malevolently when you insist that it's just a love
note to your girlfriend? Unless a really severe cold front hits Hell, I
think we're safe on this one.  The thing we DO need to be VERY AFRAID
OF, and LOBBY VEHEMENTLY AGAINST, is bizarre laws that are vague and
can be twisted to whatever means police desire, and put the burden of
proof and recovery on possibly innocent victims, such as the
without-due-process property-confiscating drug laws we have now.

(I suppose one possibility is requiring `carriers' -- phone companies,
telegraph services, etc.--to provide keys for messages they encrypt.
But what is the strength of nonlocal encryption? Would anybody use
this?  I guess there are a lot of unsophisticated people who want
somebody else to do their encryption for 'em, but boy, not I...)

To do something like have completely tappable communications, we'd need
half the country to monitor the other half, to make sure nothing out of
context is going on. Only problem with this is, who monitors the
monitors? (The cypherpunks?)  (I suppose I shouldn't be so flippant,
because Nazi Germany was one example of a state with a comprehensive
populace-monitoring apparatus...)

No, I don't buy that paranoid plop about how it would be "trivial" to
set up filters that "detect" encryption, or that this is happening on a
widespread scale by the NSA in the U.S. This is an absolutely absurd
claim.  These mechanisms could be just as trivially defeated (although
a-priori knowledge of their function may be required).  People who
think encryption is different from communication think that symbols are
different than letters.  Speaking as a programmer, good luck explaining
it to a computer.

I just think Mrs. Denning is well-intentioned but completely out of
touch with reality on this one (hm, what's a nice academic PC term for
this? cluefully challenged?) Is *anybody* taking her seriously? Maybe
we should start an email campaign to SEND HER CLUES.  Maybe a Cease and
Desist court order?  Maybe we could get the police to do a search on
her house for all her cryptography keys (hehe, anonymous tip that she
keeps an encrypted database of illegal activities? sorry, don't take me seriously).

- - -

From: corwin@Cayman.COM (Lord Among Panthers)

>Encrypt your message as you
>normally would, and what do you end up with?  A bunch of seemingly
>random bits.  Wrap a little header around it claiming it is data from
>a Johnson-Noise measurement experiment, or some such thing.  To
>increase plausibility, you can build yourself a Johnson Noise
>measurement aparatus (all you need is a high-sensativity voltmeter and
>a resistor).

*= <- light bulb going off -- hm, could something like that be used as
a hardware random number generator?





Thread